A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OvWebHelp.exe CGI application. During a string concatenation the process takes the value of the Topic POST variable and copies it without any length checks into a static 0x400 byte heap buffer. By providing a large enough string this buffer can be overrun leading to arbitrary code execution.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83665/TPTI-09-11.txt
Source: https://packetstormsecurity.com/files/83665/HP-OpenView-NNM-OvWebHelp.exe-CGI-Topic-Heap-Overflow.html